CVE-2024-28249

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/cilium/cilium/releases/tag/v1.13.13
https://github.com/cilium/cilium/releases/tag/v1.14.8
https://github.com/cilium/cilium/releases/tag/v1.15.2
https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36
https://github.com/cilium/cilium/releases/tag/v1.13.13
https://github.com/cilium/cilium/releases/tag/v1.14.8
https://github.com/cilium/cilium/releases/tag/v1.15.2
https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36

Configurations

No configuration.

History

21 Nov 2024, 09:06

Type	Values Removed	Values Added
References	~~() https://github.com/cilium/cilium/releases/tag/v1.13.13 -~~	() https://github.com/cilium/cilium/releases/tag/v1.13.13 -
References	~~() https://github.com/cilium/cilium/releases/tag/v1.14.8 -~~	() https://github.com/cilium/cilium/releases/tag/v1.14.8 -
References	~~() https://github.com/cilium/cilium/releases/tag/v1.15.2 -~~	() https://github.com/cilium/cilium/releases/tag/v1.15.2 -
References	~~() https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36 -~~	() https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36 -

19 Mar 2024, 13:26

Type	Values Removed	Values Added
Summary		(es) Cilium es una solución de redes, observabilidad y seguridad con un plano de datos basado en eBPF. Antes de las versiones 1.13.13, 1.14.8 y 1.15.2, en los clústeres de Cilium con IPsec habilitado y el tráfico que coincide con las políticas de Capa 7, el tráfico elegible para IPsec entre el proxy Envoy de un nodo y los pods en otros nodos se envía sin cifrar y es elegible para IPsec. El tráfico entre el proxy DNS de un nodo y los pods de otros nodos se envía sin cifrar. Este problema se resolvió en Cilium 1.15.2, 1.14.8 y 1.13.13. No se conoce ningún workaround para este problema.

18 Mar 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-18 22:15

Updated : 2024-11-21 09:06

NVD link : CVE-2024-28249

Mitre link : CVE-2024-28249

CVE.ORG link : CVE-2024-28249

JSON object : View

Products Affected

No product.

CWE

CWE-311

Missing Encryption of Sensitive Data

6.1 /10